Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
908
Views
0
Helpful
1
Replies

Authentication Failure in Cisco Secure ACS v4.1

netopia
Level 1
Level 1

‎05-15-2008 06:44 PM - edited ‎03-10-2019 03:51 PM

Hi, I added a user in the Cisco Secure ACS and I am getting the following Authen-Failure-Code in Failed Attempts:

EAP-TLS or PEAP authentication failed during SSL handshake.

When I run Support in System Configuration > Support, I get the following in the auth.log:

AUTH 05/15/2008 16:55:40 I 0928 3320 AuthenProcessResponse: process response for 'FE:A3:C4:00:32:40'

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse: SSL handshake failed, status = 3 (SSL send alert fatal:decode error)

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse: SSL ext error reason: 87 (Ext error code = 0)

AUTH 05/15/2008 16:55:40 E 0381 3320 EAP: TLS: ProcessResponse(1519): mapped SSL error code (3) to -2120

Does anybody know, what the issue could be. I was able to find info about 2120, but don't know what exactly this means, other than that the authentication failed:

UDB_EAP_TLS_HANDSHAKE_FAILED

Thank you,

Jutta

Labels:
0 Helpful
1 Reply 1

Jagdeep Gambhir
Level 10
Level 10

‎05-17-2008 05:13 AM

Jutta,

SSL alert fatal:decode error: That means basically, the client has a problem with decoding the root certificate.

Please make sure that client has CA installed. If you are doing peap and uncheck validate server certificate on wireless setting on the client.

Regards,

~JG

Do rate helpful posts

0 Helpful
Customers Also Viewed These Support Documents